WinRAR fixes a two-decade old vulnerability that had put 500 million users at risk
WinRAR has fixed a security vulnerability that had put its 500 million users around the world at risk.
Researchers have discovered a critical 19-year-old vulnerability in WinRAR, a popular file archiving Windows application that is used for compressing and decompressing large files. The security vulnerability, which has been fixed now, allowed hackers to target devices by just extracting an archive, putting more than 500 million users at risk.
Researchers at Check Point Software Technologies, who discovered the vulnerability, explained that WinRAR was using a dated dynamic link library (dll) which was last updated in 2006. The dll did not have modern protection mechanisms such as ASLR and DEP which provide system-level security against hackers.
"A few months ago, our team built a multi-processor fuzzing lab and started to fuzz binaries for Windows environments using the WinAFL fuzzer. After the good results we got from our Adobe Research, we decided to expand our fuzzing efforts and started to fuzz WinRAR too," wrote Nadav Grossman in a blog post.
Researchers discovered critical issue in the ACE archive format which had no protection mechanism at all and hackers didn't even need to bypass it.
ALSO READ: Formjacking explained: How hackers target online shoppers, virtually skim card details
"We turned our focus and fuzzer to this "low hanging fruit" dll, and looked for a memory corruption bug that would hopefully lead to Remote Code Execution. However, the fuzzer produced a test case with "weird" behavior. After researching this behavior, we found a logical bug: Absolute Path Traversal. From this point on it was simple to leverage this vulnerability to a remote code execution," he added.
WinRAR said it was dropping the guilty ACE format altogether with its new update.
"WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users. We are thankful to Check Point Software Technologies for reporting this issue," the company said in a blog post.
Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.